products.vab.be
Open in
urlscan Pro
84.199.66.5
Malicious Activity!
Public Scan
URL:
https://products.vab.be/IndirectProductSalePayment/KbcPayPage.aspx?id=ec2da594-227a-4e8f-b9f0-7052c6e8add4
Submission: On March 03 via api from BE — Scanned from DE
Submission: On March 03 via api from BE — Scanned from DE
Summary
This website contacted 2 IPs
in 2 countries
across 2 domains to perform 22 HTTP transactions.
The main IP is 84.199.66.5, located in
Antwerp, Belgium and
belongs to TELENET-AS, BE.
The main domain is products.vab.be.
TLS certificate: Issued by GlobalSign GCC R3 DV TLS CA 2020 on January 24th 2024. Valid for: a year.
This is the only time products.vab.be was scanned on urlscan.io!
TLS certificate: Issued by GlobalSign GCC R3 DV TLS CA 2020 on January 24th 2024. Valid for: a year.
This is the only time products.vab.be was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Generic Transportation (Transportation)Domain & IP information
| IP Address | AS Autonomous System | ||
|---|---|---|---|
| 12 | 84.199.66.5 84.199.66.5 | 6848 (TELENET-AS) (TELENET-AS) | |
| 10 | 185.8.54.21 185.8.54.21 | 47957 (ING-AS) (ING-AS) | |
| 22 | 2 |
12
84.199.66.5
(Antwerp, Belgium)
ASN6848 (TELENET-AS, BE)
PTR: 84-199-66-5.iFiber.telenet-ops.be
ASN6848 (TELENET-AS, BE)
PTR: 84-199-66-5.iFiber.telenet-ops.be
| products.vab.be |
| Apex Domain Subdomains |
Transfer | |
|---|---|---|
| 12 |
vab.be
products.vab.be |
29 KB |
| 10 |
paypage.be
secure.paypage.be |
17 KB |
| 22 | 2 |
| Domain | Requested by | |
|---|---|---|
| 12 | products.vab.be |
products.vab.be
|
| 10 | secure.paypage.be |
products.vab.be
|
| 22 | 2 |
This site contains links to these domains. Also see Links.
| Domain |
|---|
| secure.paypage.be |
| www.visaeurope.com |
| www.mastercard.us |
| Subject Issuer | Validity | Valid | |
|---|---|---|---|
| *.vab.be GlobalSign GCC R3 DV TLS CA 2020 |
2024-01-24 - 2025-02-24 |
a year | crt.sh |
| secure.paypage.be DigiCert SHA2 Extended Validation Server CA |
2023-08-23 - 2024-08-21 |
a year | crt.sh |
This page contains 1 frames:
Primary Page:
https://products.vab.be/IndirectProductSalePayment/KbcPayPage.aspx?id=ec2da594-227a-4e8f-b9f0-7052c6e8add4
Frame ID: F5849BF57DD637D913E34BAEEA2C8C9A
Requests: 22 HTTP requests in this frame
Screenshot
Page Title
Payment confirmationDetected technologies
Microsoft ASP.NET
(Web Frameworks)
Expand
Overall confidence: 100%
Detected patterns
Detected patterns
- \.aspx?(?:$|\?)
jQuery
(JavaScript Libraries)
Expand
Overall confidence: 100%
Detected patterns
Detected patterns
- jquery[.-]([\d.]*\d)[^/]*\.js
- jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?
jQuery Migrate
(JavaScript Libraries)
Expand
Overall confidence: 100%
Detected patterns
Detected patterns
- jquery[.-]migrate(?:-([\d.]+))?(?:\.min)?\.js(?:\?ver=([\d.]+))?
Page Statistics
5 Outgoing links
These are links going to different origins than the main page.
URL: https://secure.paypage.be/info.asp?product=MAYIPAYMAESTRO3&CSRFSP=%2Fncol%2Fprod%2Forderstandard%5Futf8%2Easp&CSRFKEY=69103D3C9FEBBD9FCA5F245B26AEE48E3B405674&CSRFTS=20240303040210
Title: Kan ik daadwerkelijk betalen met mijn Maestro kaart?
Title: Kan ik daadwerkelijk betalen met mijn Maestro kaart?
Search URL Search Domain Scan URL
URL: https://secure.paypage.be/ncol/prod/privacy.asp?PAYID=7860317993&PSPID=VABIndirectProductSalesPRD&BRAND=VISA&BRAND=Eurocard&BRAND=BCMC&BRAND=Maestro&BRAND=KBC+Online&BRAND=CBC+Online&DFP=1&LANGUAGE=3&BRANDING=PAYPAGE&EXP=20240303050710&SIGN=0CDB983567929D92D22AA12353F026984A8D31A5B0C4D443362A33ED2CEBE2AE
Title: Privacy verklaring: Welke persoonsgegevens worden verzameld en hoe worden deze gebruikt?
Title: Privacy verklaring: Welke persoonsgegevens worden verzameld en hoe worden deze gebruikt?
Search URL Search Domain Scan URL
URL: http://www.visaeurope.com/en/cardholders/verified_by_visa.aspx
Search URL Search Domain Scan URL
URL: https://www.mastercard.us/en-us/frequently-asked-questions.html#securecode
Search URL Search Domain Scan URL
URL: https://secure.paypage.be/ncol/legal.asp?lang=3&mode=STD&branding=PAYPAGE&CSRFSP=%2Fncol%2Fprod%2Forderstandard%5Futf8%2Easp&CSRFKEY=57AA4222CE368529E2CDD19F02900D304974533B&CSRFTS=20240303040211
Title: Wettelijke informatie
Title: Wettelijke informatie
Search URL Search Domain Scan URL
Redirected requests
There were HTTP redirect chains for the following requests:
22 HTTP transactions
| Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
GET H/1.1 |
Primary Request
KbcPayPage.aspx
products.vab.be/IndirectProductSalePayment/ |
14 KB 6 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
ingenicoResponsivePaymentPageTemplate_reset.css
products.vab.be/IndirectProductSalePayment/cdn/ |
1 KB 1 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
ingenicoResponsivePaymentPageTemplate_template.css
products.vab.be/IndirectProductSalePayment/cdn/ |
67 KB 14 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
LogoVAB.png
products.vab.be/IndirectProductSalePayment/cdn/ |
7 KB 8 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
VISA_choice.gif
secure.paypage.be/images/ |
2 KB 2 KB |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
Eurocard_choice.gif
secure.paypage.be/images/ |
1 KB 1 KB |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
BCMC_choice.gif
secure.paypage.be/images/ |
1011 B 1 KB |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
Maestro_choice.gif
secure.paypage.be/images/ |
1 KB 1 KB |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
KBC%20Online_choice.gif
secure.paypage.be/images/ |
1 KB 2 KB |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
CBC%20Online_choice.gif
secure.paypage.be/images/ |
1 KB 2 KB |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
form_validation.js
products.vab.be/IndirectProductSalePayment/js/ |
0 0 |
Script
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
jquery-3.7.0.min.js
products.vab.be/IndirectProductSalePayment/js/jquery.core/ |
0 0 |
Script
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
jquery-migrate-3.4.1.min.js
products.vab.be/IndirectProductSalePayment/js/jquery.plugins/ |
0 0 |
Script
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
Fp_inc.1.2.js
products.vab.be/IndirectProductSalePayment/js/fp/ |
0 0 |
Script
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
base64_inc.js
products.vab.be/IndirectProductSalePayment/ |
0 0 |
Script
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
VISA_brand3D.gif
secure.paypage.be/images/ |
3 KB 3 KB |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
Eurocard_brand3D.gif
secure.paypage.be/images/ |
2 KB 2 KB |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
pp_paypage.gif
secure.paypage.be/images/ |
1 KB 2 KB |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
wait_turn.gif
secure.paypage.be/images/ |
1 KB 1 KB |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
Roboto-Regular.ttf
products.vab.be/IndirectProductSalePayment/cdn/ |
0 0 |
Font
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
Roboto-Light.ttf
products.vab.be/IndirectProductSalePayment/cdn/ |
0 0 |
Font
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
Roboto-Bold.ttf
products.vab.be/IndirectProductSalePayment/cdn/ |
0 0 |
Font
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Generic Transportation (Transportation)17 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
undefined| ncolwaitwindow number| ncolwaitwindowopen function| ShowWaitMsg function| my_submitAndWait function| justWait function| close_ncol_wait function| openPOPUP number| js_version string| AlertMSG_109 string| AlertMSG_110 string| AlertMSG_173 string| AlertMSG_1205 string| AlertMSG_111 string| AlertERR_907 string| AlertERR_95 string| AlertERR_96 object| OGONE4 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
| Domain/Path | Expires | Name / Value |
|---|---|---|
| products.vab.be/ | Name: ASP.NET_SessionId Value: qttoe1fozlij3hfiviv3sd1p |
|
| products.vab.be/ | Name: osVisitor Value: dc7f4672-7f80-497b-a5b1-8f812e45ef46 |
|
| products.vab.be/ | Name: osVisit Value: 09c7a742-f56b-4b71-8bc6-f551200459f4 |
|
| products.vab.be/ | Name: cookiesession1 Value: 678A3E422AA14686E2A8DD7FA74BCD0E |
13 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
| Source | Level | URL Text |
|---|
Security Headers
This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page
| Header | Value |
|---|---|
| Content-Security-Policy | frame-ancestors 'none' |
| Strict-Transport-Security | max-age=31536000 |
| X-Content-Type-Options | nosniff |
| X-Frame-Options | SAMEORIGIN |
| X-Xss-Protection | 1 |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
products.vab.be
secure.paypage.be
185.8.54.21
84.199.66.5
008086eb50541976bb7694c544370ba2f1823352c090dd59db1bbc3159eaffbe
1b67e9cfcde946b7bffea54756f250fe82de2920108c9cb758f95cee7cdc0a97
1fb6f4716a542fe80afcbde4af9e9ff034ed3cd432c5fe05aa5d94c148f34ae3
25d0495d0cabd8f2aaea3d96a8de857845b3086d2187bf1c48aad1bbd7dc682f
57a0832cc2cf9867af4262c000dec2c77be2051c24713429cbe7fbc6a81903c1
59b66845812b0f601bd3212774a8982a9aaf6d82074e258ea951e2465fad5407
8dfc242fb30ad533ab74ef89f2bf3adf649f869296c84a801c6259db4a3d7fb5
c9650d5ccf8c9d0ece248e5c1476dc2af9506023ea837eea901db3213366e182
cef434a3b03235f477420b86de1d0ccd91f0f76ea9653f3da99d147660fc4308
cf788f14421f7b5a94bdc2b635a98145ef4ea7d3cd943aedfd42c96a6dd539c8
d565b49dc9d43a64de44911e1693ebedfa0718c6dbf3b15580b2318d245653a4
e5abfb0cfde36fa4f5cfe03519c2df99c0a8ec87dbd32ab464615b75d780b7b0
f565e915a925778a5caa9279a8916b68656ab111c353acdebd3a4c2a9b840ce3
fa5b7ea31576281faefe8afb115aa1ac2a46c0e74590e8031a6161b54c9c8db0